HP Tech@Work
Today's trends for tomorrow's business
Business after the EMV liability shift

Business after the EMV liability shift

What is EMV chip card technology? Is it really more secure than magnetic stripe technology? Is compliance worth the cost of upgrading? It's been over a month since the “EMV liability shift” went into effect in the U.S. on October 1, 2015, but many businesses still have unanswered questions.
To help you get the answers you need to minimize your liability, we've enlisted expert insight from Lorena Kubera, VP & GM of HP Retail Solutions Global Business Unit, and Cory McElroy, Director of Product Management & Marketing for HP Retail Solutions.
Here's what you need to know to master the EMV shift.
Q: What is EMV? A: EMV stands for “Europay, Mastercard, and Visa,” the three companies that originally developed this chip card technology in the mid-1990s. Simply put, the technology embeds a secure computer chip in the body of a credit card. This chip stores the payment application and has three key functions:
  1. Perform processing tasks
  2. Store confidential information securely
  3. Perform cryptographic processing1
The result is a more sophisticated credit card that allows for additional security measures, such as authentication of the chip card, digitally signing payment data, and more robust cardholder verification. [1]
Q: Is EMV more secure? A: Yes. You've probably heard that EMV technology is more secure than magnetic stripe technology, and it is by a very large margin. When Canada made the switch to EMV cards, credit card fraud dropped 73% within three years.[2] Similarly, since France made the switch they've seen credit card fraud drop by 80%.2 Considering that just over half of the world's credit card fraud now happens in the United States,[2] the switch to EMV technology could save consumers and businesses billions of dollars per year.
However, no security technology is perfect. Here are a few reasons EMV cards might not have as a large of an impact on card security in the U.S. as we've seen in other countries:
  • Increased attention from hackers—When magnetic stripe cards were used for the vast majority of U.S. purchases, hackers had no reason to focus on EMV. With the recent mass shift, however, hackers will likely begin to probe the new cards and systems for vulnerabilities.
  • Increase in online fraud—EMV chip cards greatly improve security for in-store transactions. When used for online purchases, however, they have the same vulnerabilities as magnetic stripe cards. This means online credit card transactions remain vulnerable, and online fraud rates may even increase. For example, in Europe the switch to EMV saw online credit and debit card fraud rates increase from 25% in 2004 to 64% in 2010.[3]
  • Signatures vs. PINs—There are two versions of EMV chip cards: chip-and-signature and chip-and-PIN. While the latter offers more security—it's harder to guess a PIN than fake a signature—the majority of EMV chip cards distributed in the U.S. are chip-and-signature.[4] As a result, “while there is some increased fraud protection over plain magnetic stripe reader cards today… it's not the ultimate solution like chip-and-PIN is,” says Kubera.
Q: How long will the EMV migration take? A: It will likely be several years before the migration is complete in the U.S. Here's why:
  • It's up to credit card issuers to make the final switch to chip-only cards. Until they're ready to make that change, and eliminate magnetic stripes for good, the migration won't be complete. While 600 million EMV credit cards are projected to reach cardholders by the end of 20155, only 25% of U.S. financial institutions will have issued EMV debit cards or plan to do so by the end of 2015.[6]
  • Retailers are not required to upgrade their systems to accept EMV for now. If a retailer is willing to accept the increased liability—perhaps due to an ROI decision or lack of information about why they should upgrade—then they can continue to accept magnetic stripe payments. A “fallback transaction” occurs when an EMV chip card's magnetic stripe is used on an EMV-enabled terminal. In such cases, when the retailer is fully EMV compliant, it's the credit card issuer who is liable for any fraud—a fallback to the pre-migration setup.[7]
Q: Does my business need to be EMV compliant? A: It's not required, but it's often a good idea.[8] Businesses are not required by U.S. law to be EMV compliant and may choose to put off their upgrades. “Every merchant has to do this internal ROI calculation,” explains McElroy. “If I'm selling a $5 meal, am I willing to take on a $5 fraud liability versus paying hundreds of dollars to upgrade?” For many businesses, the losses they could incur are much higher than the costs of upgrading their terminals and payment processor, making compliance an easy choice.
Upgrading to EMV compliant terminals and systems ensures you will not be held liable for in-store credit card fraud when EMV is used. Additionally, it is a good opportunity for your business to start accepting other payment methods—such as mobile wallet applications. You are essentially “future-proofing” your business by investing in technology that will allow you to accept whatever payment methods your customers would like to use.
Q: How will EMV affect the checkout process? A: Unless a customer or employee has lived abroad for some time, they may need some help learning how to use EMV chip cards. In the absence of a large advertising push—such as we've seen for many of the newer mobile payment systems—“there will be a period where businesses are going to have to explain to customers how they make their payment,” explains Kubera.
“Every time you change a process, there naturally is a slow down,” says McElroy. To keep your transactions moving smoothly—especially during the busy holiday periods—here are a few EMV-specific tips:
  • Train employees on how to use the system from both ends, in case they have to swipe or insert the card for a customer
  • Write up scripts, so that employees know exactly what to say when a customer is struggling or performs the wrong action
  • Set up reminders or instructional signs near the checkout showing customers how to use the new system
  • Make sure customers don't leave their cards behind. During the Canadian EMV migration customers often left their cards in the machines after a purchase[9]

Parting thoughts

EMV credit cards are a nice step forward in terms of security, but there is still a ways to go until the EMV migration is complete. If you haven't already, we suggest you take steps to ensure your business is 100% EMV compliant as soon as you can. In the event that fraud does occur, the party that is least EMV compliant is the one that is held liable. And in the case of a tie, where both parties are equally compliant, the liability remains with the card issuer.[9] The sooner you upgrade, the sooner you won't have to worry about your liability.
Additionally, try to approach this EMV migration as an opportunity—rather than a cost. If you're knowledgeable about the new setup and ready to educate your customers, they will see that they can trust you and may feel more secure doing business with you. Expanding the number of payment types you accept will prepare your business not just for EMV, but for a variety of payment methods vying for a place in our wallets.
[1] EMVCo, A Guide to EMV Chip Technology, 2014
[2] HP, Business after the EMV Liability Shift, 2015
[5] CreditCards.com, 8 FAQs about EMV credit cards, 2015

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.

Disclaimer

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by HP.com; reseller offers may vary. Items sold by HP.com are not for immediate resale. Orders that do not comply with HP.com terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at https://support.microsoft.com/lifecycle

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Xeon Inside, and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See http://www.microsoft.com.

“Best All In One Printer” and “the easiest printer you’ve ever had to set up” from Wirecutter. ©2020 The Wirecutter, Inc.. All rights reserved. Used under license. https://www.nytimes.com/wirecutter/reviews/best-all-in-one-printer/

Get Marvel’s Avengers when you purchase HP gaming PCs with qualifying 9th gen or 10th gen Intel® Core™ i5, i7 and i9 processors. Redemption code will be sent out by email within 60 days of purchase. Limited quantities and while supply lasts. Offer valid thru 12/31/2020 only while supplies last. We reserve the right to replace titles in the offer for ones of equal or greater value. Certain titles may not be available to all consumers because of age restrictions. The Offer may be changed, cancelled, or suspended at any time, for any reason, without notice, at Intel’s reasonable discretion if its fairness or integrity affected whether due to human or technical error. The Offer sponsor is Intel Corporation, 2200 Mission College Blvd., Santa Clara, CA 95054, USA. To participate you must create an Intel Digital Hub Account, purchase a qualifying product during the redemption period, enter a valid Master Key, and respond to a brief survey. Information you submit is collected, stored, processed, and used on servers in the USA. For more information on offer details, eligibility, restrictions, and our privacy policy, visit https://softwareoffer.intel.com/offer/20Q3-19/terms.

© 2020 MARVEL. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

The personal information you provide will be used according to the HP Privacy Statement (https://www8.hp.com/us/en/privacy/ww-privacy.html)